Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.6k
[Security] Allow RememberMeHandler to use a custom RememberMeDetails class#44459
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
base:7.4
Are you sure you want to change the base?
Uh oh!
There was an error while loading.Please reload this page.
Conversation
carsonbot commentedDec 4, 2021
Hey! I see that this is your first PR. That is great! Welcome! Symfony has acontribution guide which I suggest you to read. In short:
Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change. When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor! I am going to sit back now and wait for the reviews. Cheers! Carsonbot |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Thanks for the PR. Here are some random comments. Don't forget to add tests 😉
src/Symfony/Component/Security/Http/RememberMe/RememberMeHandlerInterface.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
I've added some tests. This includes 2 tests which test the deprecated code paths still work, but this does naturally result in self deprecation notices even when the tests succeed. Considering the PR checks seem to fail because of this it seems like the tests are not supposed to cause any of these. As this is the first time I'm making a PR I'm not quite sure what the policy on tests like these are. Am I supposed to test these a different way, should deprecated code paths simply not be tested, or can these failures in this case be ignored? |
These tests have to be in the legacy group (deprecations in legacy tests are ignored): In these legacy tests, you can also use the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Thanks for the PR - it's looking very complete for a first contribution!
I'm a bit unsure about thegetUserIdentifierForCookie() method and whether it should be moved to a separate interface. But as 99% of the remember me handlers extend fromAbstractRememberMeHandler, which has the default behavior, it's probably OK.
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/Security/Http/Authenticator/RememberMeAuthenticator.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/Security/Http/Authenticator/RememberMeAuthenticator.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
…erMeDetails implementation
9804417 to99b49d0CompareI rebased the PR to 6.2 and solved the resulting merge conflicts. There are some failing tests, but it seems like those are unrelated to the changes of this PR. No new feedback has come since the last feedback was implemented. Is there anything else needed from my side to get this merged? |
@wouterj I'll wait for the 6.3 window and rebase, but is there anything I still need to do aside from that? Like I mentioned previously, all the feedback I got has already been implemented. |
When writing a custom
RememberMeHandlerit is not possible to change anything about what is stored in the cookie or how. Not every implementation would for example need to include the user class or identifier in the cookie or may not even want to. Maybe you might want to add some other value to it, in which case concatenating it to the$valueparameter would seem like more of a dirty workaround.This PR adds support for the
RememberMeAuthenticatorandRememberMeHandlerto use a differentRememberMeDetailsclass when needed.Currently I have not yet added an interface for
RememberMeDetailsto implement so it would be necessary to extend the class directly. This is because I'm thinking of making an RFC first for changing theRememberMeDetailsimplementation for the different available strategies.